edwin lang

Advanced Member
  • Content Count

    645
Previous Fields

  • System Specifications:
    I have a newly built computer. It has a 651m-l/650gm-l series ms-7005 motherboard with an MSI AGP NVIDIA 440-t8x, a 60gig HD and 2 sticks of 512 DDR SDRAM memory installed, a CDR/RW and a DVDR/RW. The MB is an MSI brand micro ATX.
  • TechExpress Link:
    http://www.pcpitstop.com/techexpress.asp?id=uatd9wnjy1rst7we
  1. I should be OK. I run a myriad of different prgs and keep them up to date: Malwarebytes, Ad-Aware Pro, SpywareBlaster, Spybot S&D. I occasionally turn on my SUPERAntiSpyware prg, update it and run a scan. Norton Internet Security, which has antivirus and a firewall, is what I use; Windows Firewall's not that great. A good standalone I used before Norton's was Comodo. I run the online scanners of HouseCall and Emsisoft's, and run Crap Cleaner off and on just to help with the reg and clear up space. My defragger is Diskeeper; the Windows one is not so great. Auslogics reg and defragger I sometimes run too. I also put these same malware prgs on every computer and laptop we have. I would rather have too many prgs on there that work than not have enough.
  2. Malwarebytes Anti-Malware (PRO) 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.04.13.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Lan-Ed-Tul :: NCC1701CPTKIRK [administrator]
     Protection: Enabled
     4/13/2012 2:49:40 AM
     mbam-log-2012-04-13 (02-49-40).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 219505
     Time elapsed: 8 minute(s), 29 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  3. lol I did the Malwarebytes scan a lil while ago but didn't save the logfile. It was clean tho. Running a new one and the ESET one, will post when done.
  4. OTL logfile created on: 4/12/2012 5:30:27 PM - Run 3 OTL by OldTimer - Version 3.2.39.2
MenuProgramsNVIDIA Corporation [2012/04/12 06:20:24 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:WindowsSysNativenvoglv64.dll [2012/04/12 06:20:24 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- C:WindowsSysNativenvcompiler.dll [2012/04/12 06:20:24 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:WindowsSysWow64nvoglv32.dll [2012/04/12 06:20:24 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:WindowsSysWow64nvcompiler.dll [2012/04/12 06:20:24 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:WindowsSysNativenvcuda.dll [2012/04/12 06:20:24 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:WindowsSysWow64nvwgf2um.dll [2012/04/12 06:20:24 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:WindowsSysWow64nvcuda.dll [2012/04/12 06:20:24 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:WindowsSysNativenvcuvenc.dll [2012/04/12 06:20:24 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:WindowsSysNativenvcuvid.dll [2012/04/12 06:20:24 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:WindowsSysWow64nvcuvid.dll [2012/04/12 06:20:24 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:WindowsSysWow64nvcuvenc.dll [2012/04/12 06:20:24 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:WindowsSysWow64nvapi.dll [2012/04/12 06:20:24 | 000,068,928 | ---- | C] (Khronos Group) -- C:WindowsSysNativeOpenCL.dll [2012/04/12 06:20:24 | 000,061,248 | ---- | C] (Khronos Group) -- C:WindowsSysWow64OpenCL.dll [2012/04/12 00:36:18 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversfs_rec.sys [2012/04/12 00:36:17 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeimagehlp.dll [2012/04/12 00:36:14 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewintrust.dll [2012/04/12 00:35:44 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsfeeds.dll [2012/04/12 00:35:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll [2012/04/12 00:35:44 | 000,176,640 | ---- 
| C] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll [2012/04/12 00:35:44 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll [2012/04/12 00:35:44 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64url.dll [2012/04/12 00:35:44 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll [2012/04/12 00:35:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll [2012/04/11 01:15:30 | 000,000,000 | ---D | C] -- C:Program Files (x86)ESET [2012/04/09 23:23:10 | 000,000,000 | ---D | C] -- C:_OTL [2012/04/09 23:19:14 | 000,000,000 | ---D | C] -- C:Program Files (x86)ERUNT [2012/04/09 04:17:14 | 000,000,000 | ---D | C] -- C:UsersLan-Ed-TulDesktopHJT stuff [2012/04/07 17:19:19 | 000,000,000 | ---D | C] -- C:Qoobox [2012/04/01 16:35:00 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe [2012/03/30 16:48:51 | 000,000,000 | ---D | C] -- C:UsersLan-Ed-TulAppDataRoamingdvdcss [2012/03/30 16:46:21 | 000,000,000 | ---D | C] -- C:UsersLan-Ed-TulAppDataRoamingvlc [2012/03/28 19:09:33 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes [2012/03/28 19:08:48 | 000,000,000 | ---D | C] -- C:Program FilesiPod [2012/03/28 19:08:46 | 000,000,000 | ---D | C] -- C:Program FilesiTunes [2012/03/28 19:08:46 | 000,000,000 | ---D | C] -- C:Program Files (x86)iTunes [2012/03/27 05:01:52 | 000,000,000 | ---D | C] -- C:Program Files (x86)MSN Toolbar [2012/03/27 04:55:51 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy [2012/03/27 04:55:48 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spybot - Search & Destroy [2012/03/15 02:25:19 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeDWrite.dll [2012/03/15 02:15:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpcorekmts.dll [2012/03/15 02:15:49 | 000,077,312 | ---- | C] 
(Microsoft Corporation) -- C:WindowsSysNativerdpwsx.dll [2012/03/15 02:15:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdrmemptylst.exe [2012/03/15 02:08:09 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpcore.dll [2012/03/15 02:08:09 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64rdpcore.dll ========== Files - Modified Within 30 Days ========== [2012/04/12 17:43:58 | 000,000,000 | -HS- | M] () -- C:DkHyperbootSync [2012/04/12 17:35:16 | 000,009,728 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/12 17:35:16 | 000,009,728 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/12 17:27:07 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat [2012/04/12 17:27:06 | 535,437,311 | -HS- | M] () -- C:hiberfil.sys [2012/04/12 17:26:01 | 000,000,334 | ---- | M] () -- C:WindowstasksHP Photo Creations Communicator.job [2012/04/12 17:22:03 | 000,000,830 | ---- | M] () -- C:WindowstasksAdobe Flash Player Updater.job [2012/04/12 09:38:38 | 000,000,064 | ---- | M] () -- C:WindowsSysWow64rp_stats.dat [2012/04/12 09:38:38 | 000,000,044 | ---- | M] () -- C:WindowsSysWow64rp_rules.dat [2012/04/12 06:23:34 | 001,566,764 | ---- | M] () -- C:WindowsSysNativedriversNISx641306020.00ACat.DB [2012/04/11 20:19:00 | 000,008,942 | ---- | M] () -- C:WindowsSysNativedriversNISx641306020.00AVT20120410.034 [2012/04/11 05:05:52 | 000,854,337 | R--- | M] () -- C:WindowsSysNativedriversetchosts [2012/04/11 05:00:34 | 000,000,616 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk [2012/04/10 03:43:44 | 011,796,480 | -HS- | M] () -- C:UsersLan-Ed-Tulntuser.bak [2012/04/03 19:43:19 | 006,384,787 | ---- | M] () -- C:UsersLan-Ed-TulAppDataLocalcensus.cache [2012/04/03 19:38:55 | 000,126,277 | ---- | M] () -- C:UsersLan-Ed-TulAppDataLocalars.cache [2012/04/01 16:35:00 | 000,418,464 | 
---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe [2012/04/01 16:35:00 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl [2012/03/28 19:09:34 | 000,001,783 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk [2012/03/27 04:58:56 | 000,853,622 | ---- | M] () -- C:WindowsSysNativedriversetchosts.20120411-050552.backup [2012/03/27 04:55:53 | 000,001,258 | ---- | M] () -- C:UsersLan-Ed-TulDesktopSpybot - Search & Destroy.lnk [2012/03/27 04:51:31 | 000,002,501 | ---- | M] () -- C:UsersPublicDesktopNorton Internet Security.lnk [2012/03/23 01:09:06 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:WindowsSysNativedriversSYMEVENT64x86.SYS [2012/03/23 01:09:06 | 000,007,488 | ---- | M] () -- C:WindowsSysNativedriversSYMEVENT64x86.CAT [2012/03/23 01:09:06 | 000,000,854 | ---- | M] () -- C:WindowsSysNativedriversSYMEVENT64x86.INF [2012/03/19 23:26:35 | 000,000,172 | ---- | M] () -- C:WindowsSysNativedriversNISx641306020.00Aisolate.ini [2012/03/17 13:05:13 | 000,756,614 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI [2012/03/17 13:05:13 | 000,645,144 | ---- | M] () -- C:WindowsSysNativeperfh009.dat [2012/03/17 13:05:13 | 000,114,582 | ---- | M] () -- C:WindowsSysNativeperfc009.dat [2012/03/16 02:21:58 | 000,853,690 | R--- | M] () -- C:WindowsSysNativedriversetchosts.20120327-045856.backup [2012/03/15 02:19:46 | 000,398,112 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/04/12 17:30:34 | 000,000,000 | -HS- | C] () -- C:DkHyperbootSync [2012/04/01 16:35:07 | 000,000,830 | ---- | C] () -- C:WindowstasksAdobe Flash Player Updater.job [2012/03/28 19:09:34 | 000,001,783 | ---- | C] () -- C:UsersPublicDesktopiTunes.lnk [2012/03/27 05:02:07 | 000,001,380 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Default Manager.lnk [2012/03/27 04:55:53 | 000,001,258 | ---- | C] () -- C:UsersLan-Ed-TulDesktopSpybot - Search & 
Destroy.lnk [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:WindowsSysWow64nvStreaming.exe [2011/08/14 05:33:21 | 006,384,787 | ---- | C] () -- C:UsersLan-Ed-TulAppDataLocalcensus.cache [2011/08/14 05:27:23 | 000,126,277 | ---- | C] () -- C:UsersLan-Ed-TulAppDataLocalars.cache [2011/05/12 17:22:08 | 000,207,062 | ---- | C] () -- C:Windowshpoins46.dat [2011/03/25 16:19:53 | 000,000,193 | ---- | C] () -- C:WindowsWORDPAD.INI [2011/03/18 23:53:31 | 000,000,036 | ---- | C] () -- C:UsersLan-Ed-TulAppDataLocalhousecall.guid.cache [2011/03/11 02:46:53 | 000,000,193 | ---- | C] () -- C:ProgramDataMicrosoft.SqlServer.Compact.351.64.bc [2010/09/29 06:37:56 | 000,000,098 | ---- | C] () -- C:UsersLan-Ed-TulAppDataLocalfusioncache.dat [2010/09/29 06:05:24 | 000,000,258 | RHS- | C] () -- C:ProgramDatantuser.pol [2010/09/29 05:33:53 | 000,743,126 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI < End of report >
  5. All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== Service CDScheduler stopped successfully! Service CDScheduler deleted successfully! C:Program Files (x86)CyberDefenderSchedulerServiceSchedulerService.exe moved successfully. 64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} not found. Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} not found. HKCUSOFTWAREMicrosoftInternet ExplorerMainStart Page| /E : value set successfully! Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} not found. Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerSearchScopes{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} not found. Registry key [email protected]/PandoWebPlugin deleted successfully. C:Program Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll moved successfully. Registry key HKEY_CURRENT_USERSoftwareMozillaPluginspandonetworks.com/PandoWebPlugin deleted successfully. File C:Program Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll not found. Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbarLocked deleted successfully. Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainsebay.commy deleted successfully. 
Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainsebay.comsignin deleted successfully. Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainsfacebook.comapps deleted successfully. Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainsfacebook.comwww deleted successfully. Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainsfreerealms.com deleted successfully. Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainssecunia.com deleted successfully. Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainssoe.com deleted successfully. Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainssony.com deleted successfully. Starting removal of ActiveX control ppctlcab Registry error reading value HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution UnitsppctlcabDownloadInformationINF . Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Unitsppctlcab deleted successfully. Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Componentsppctlcab not found. C:Program Files (x86)Bing Bar InstallerOFFLINEJS folder moved successfully. C:Program Files (x86)Bing Bar InstallerOFFLINE folder moved successfully. C:Program Files (x86)Bing Bar Installer folder moved successfully. C:WindowsSysWow64SET667D.tmp deleted successfully. C:WindowsSysWow64SET6A40.tmp deleted successfully. C:WindowsSysWow64SETB8E4.tmp deleted successfully. C:WindowsSysWow64SETE32B.tmp deleted successfully. C:Windows1C4551A64743409391E41477CD655043.TMPWiseCustomCalla.dll deleted successfully. C:Windows1C4551A64743409391E41477CD655043.TMP folder deleted successfully. C:WindowsisRS-000.tmp deleted successfully. 
C:WindowsSysNative188D.tmp deleted successfully. C:WindowsSysNative1AF1.tmp deleted successfully. C:WindowsSysNative4630.tmp deleted successfully. C:WindowsSysNative660D.tmp deleted successfully. C:WindowsSysNative6826.tmp deleted successfully. C:WindowsSysNative8F26.tmp deleted successfully. C:WindowsSysNative91A6.tmp deleted successfully. C:WindowsSysNativeD394.tmp deleted successfully. C:WindowsSysNativeDEAB.tmp deleted successfully. C:WindowsSysNativeEF7C.tmp deleted successfully. C:WindowsSysNativeF99A.tmp deleted successfully. C:WindowsSysNativeFCC3.tmp deleted successfully. C:WindowsSysNativeSET5370.tmp deleted successfully. C:WindowsSysNativeSET5D0B.tmp deleted successfully. C:WindowsSysNativeSET84FB.tmp deleted successfully. C:WindowsSysNativeSET93CA.tmp deleted successfully. C:WindowsSysNativeSETB16F.tmp deleted successfully. C:WindowsSysNativeSETC40B.tmp deleted successfully. C:WindowsSysNativeSETCF07.tmp deleted successfully. C:WindowsSysNativeSETD92E.tmp deleted successfully. C:WindowsSysNativeSETED3D.tmp deleted successfully. C:WindowsSysNativeSETEE19.tmp deleted successfully. ADS C:ProgramDataTEMP:5C321E34 deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:UsersLan-Ed-TulDesktopHJT stuffcmd.bat deleted successfully. C:UsersLan-Ed-TulDesktopHJT stuffcmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes ->Flash cache emptied: 53632 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Desktop User: Lan-Ed-Tul ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 9955638 bytes ->Java cache emptied: 573276 bytes ->Flash cache emptied: 54102 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes ->Flash cache emptied: 53632 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%System32 .tmp files removed: 0 bytes %systemroot%System32 (64bit) .tmp files removed: 0 bytes %systemroot%System32drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3084 bytes %systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 34028 bytes %systemroot%sysnativeconfigsystemprofileAppDataLocalLowSunJavaDeployment folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 10.00 mb OTL by OldTimer - Version 3.2.39.2 log created on 04122012_171808 FilesFolders moved on Reboot... C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5WID89V0Aaddons-tracker-v4[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5WID89V0Aaddons-v4[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5TMK28GIZgetAds[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5TMK28GIZgetAds[2].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5TMK28GIZmd[1].htm moved successfully. 
C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL901[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9DtCol[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9error[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9error[2].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9fmr[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9getAds[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9getInPage[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9iframe3[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9iframe3[2].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9md[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9st[1] moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9st[2] moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9st[3] moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5IEPD6FL9welcome[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5AD8CXPNK300x250iframeusa[1].html moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE59062C25812[1].htm moved successfully. 
C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE59062C258aceUAC[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE59062C258ai[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE59062C258facebook_com[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE59062C258forumdisplay[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE59062C258iframe3[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE55ZGVYSKXeBayISAPI[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE55ZGVYSKXfastbutton[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE55ZGVYSKXgplus_notifications_gadget[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE55ZGVYSKXgplus_notifications_gadget[2].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE55ZGVYSKXiframe3[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE55ZGVYSKXindex[1].htm moved successfully. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE55ZGVYSKXst[2] moved successfully. File move failed. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE55ZGVYSKXtrk=172593;pr=25;xp=25;np=25;uz=74017-1551;fbi=619;sbi=15197;fbo=11450;sbo=4250;fse=11450;sse=163147;fvi=220;svi=2562;cg=c28c28f11350a0aa1253ae63fe84ccc8[1].htm scheduled to be moved on reboot. C:UsersLan-Ed-TulAppDataLocalMicrosoftWindowsTemporary Internet FilesAntiPhishing2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. Registry entries deleted on Reboot... 
never had any problems downloading anything. i got the 1st prg in list downloaded and run, and here's the log from it. had to reboot as prg wanted, but had to reboot one more time as some of the icons in systray weren't showing up; they did after the 2nd reboot. running the OTL scan now
  6. OTL logfile created on: 4/11/2012 5:01:57 PM - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:UsersLan-Ed-TulDesktopHJT stuff 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 3.22 Gb Available Physical Memory | 53.63% Memory free 11.99 Gb Paging File | 9.10 Gb Available in Paging File | 75.86% Paging File free Paging file location(s): ?:pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86) Drive C: | 580.63 Gb Total Space | 444.36 Gb Free Space | 76.53% Space Free | Partition Type: NTFS Drive D: | 15.54 Gb Total Space | 13.18 Gb Free Space | 84.83% Space Free | Partition Type: NTFS Drive E: | 931.51 Gb Total Space | 810.00 Gb Free Space | 86.96% Space Free | Partition Type: NTFS Computer Name: NCC1701CPTKIRK | User Name: Lan-Ed-Tul | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:UsersLan-Ed-TulDesktopHJT stuffOTL.exe (OldTimer Tools) PRC - C:Program Files (x86)BillP StudiosWinPatrolWinPatrol.exe (BillP Studios) PRC - C:Program Files (x86)PicPickpicpick.exe (NTeWORKS) PRC - C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe (NVIDIA Corporation) PRC - C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:Program Files (x86)RealRealPlayerUpdaterealsched.exe (RealNetworks, Inc.) 
PRC - C:Program Files (x86)Emsisoft Anti-Malwarea2service.exe (Emsi Software GmbH) PRC - C:Program Files (x86)APCPowerChute Personal Editiondataserv.exe (Schneider Electric) PRC - C:Program Files (x86)APCPowerChute Personal Editionmainserv.exe (Schneider Electric) PRC - C:Program Files (x86)APCPowerChute Personal Editionapcsystray.exe (Schneider Electric) PRC - E:TOMTOMTomTom HOME 2TomTomHOMERunner.exe (TomTom) PRC - E:TOMTOMTomTom HOME 2TomTomHOMEService.exe (TomTom) PRC - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbarUser_32.exe (Google Inc.) PRC - C:Program Files (x86)Norton Internet SecurityEngine19.6.2.10ccsvchst.exe (Symantec Corporation) PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation) PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation) PRC - C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (Adobe Systems Incorporated) PRC - C:Program Files (x86)LavasoftAd-AwareAAWService.exe (Lavasoft Limited) PRC - C:Program Files (x86)LavasoftAd-AwareAAWTray.exe (Lavasoft Limited) PRC - C:Program Files (x86)SecuniaPSIpsia.exe (Secunia) PRC - C:Program Files (x86)SecuniaPSIsua.exe (Secunia) PRC - C:Program Files (x86)SecuniaPSIpsi_tray.exe (Secunia) PRC - C:Program Files (x86)SonyPMBPMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:Program Files (x86)PCPitstopPCPitstopScheduleService.exe (PC Pitstop LLC) PRC - C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.) 
PRC - C:Program Files (x86)YCIIIYankClip.exe (inteleXual.com) ========== Modules (No Company Name) ========== MOD - C:Program Files (x86)BillP StudiosWinPatrolsqlite3.dll () MOD - C:Program Files (x86)Common FilesAppleApple Application Supportzlib1.dll () MOD - C:Program Files (x86)Common FilesAppleApple Application Supportlibxml2.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (!SASCORE) -- C:Program FilesSUPERAntiSpywareSASCore64.exe (SUPERAntiSpyware.com) SRV:64bit: - (Diskeeper) -- C:Program FilesDiskeeper CorporationDiskeeperDkService.exe (Diskeeper Corporation) SRV:64bit: - (wlcrasvc) -- C:Program FilesWindows LiveMeshwlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (Intel® PROSet Monitoring Service) Intel® -- C:WindowsSysNativeIPROSetMonitor.exe (Intel Corporation) SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation) SRV:64bit: - (XAudioService) -- C:WindowsSysNativedriversXAudio64.exe (Conexant Systems, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe (NVIDIA Corporation) SRV - (a2AntiMalware) -- C:Program Files (x86)Emsisoft Anti-Malwarea2service.exe (Emsi Software GmbH) SRV - (APC Data Service) -- C:Program Files (x86)APCPowerChute Personal Editiondataserv.exe (Schneider Electric) SRV - (APC UPS Service) -- C:Program Files (x86)APCPowerChute Personal Editionmainserv.exe (Schneider Electric) SRV - (TomTomHOMEService) -- E:TOMTOMTomTom HOME 2TomTomHOMEService.exe (TomTom) SRV - (NIS) -- C:Program Files (x86)Norton Internet SecurityEngine19.6.2.10ccSvcHst.exe (Symantec Corporation) SRV - (MBAMService) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation) SRV - 
(AdobeARMservice) -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (Adobe Systems Incorporated) SRV - (CDScheduler) -- C:Program Files (x86)CyberDefenderSchedulerServiceSchedulerService.exe (CyberDefender Corp.) SRV - (Lavasoft Ad-Aware Service) -- C:Program Files (x86)LavasoftAd-AwareAAWService.exe (Lavasoft Limited) SRV - (ReflectService) -- E:New folderReflectService.exe () SRV - (Secunia PSI Agent) -- C:Program Files (x86)SecuniaPSIpsia.exe (Secunia) SRV - (Secunia Update Agent) -- C:Program Files (x86)SecuniaPSIsua.exe (Secunia) SRV - (HPSLPSVC) -- C:Program Files (x86)HPDigital ImagingbinHPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (PMBDeviceInfoProvider) -- C:Program Files (x86)SonyPMBPMBDeviceInfoProvider.exe (Sony Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation) SRV - (MotoConnect Service) -- C:Program Files (x86)MotorolaMotoConnectServiceMotoConnectService.exe () SRV - (PCPitstop Scheduling) -- C:Program Files (x86)PCPitstopPCPitstopScheduleService.exe (PC Pitstop LLC) SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:WindowsSysNativedriversSYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:WindowsSysNativedriversNISx641306020.00Asymnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:WindowsSysNativedriversNISx641306020.00Asymefa64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:WindowsSysNativedriversNISx641306020.00Aironx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:WindowsSysNativedriversNISx641306020.00Asrtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:WindowsSysNativedriversNISx641306020.00Asrtspx64.sys (Symantec Corporation) DRV:64bit: - (MBAMProtector) -- C:WindowsSysNativedriversmbam.sys (Malwarebytes Corporation) 
  7. How do you want it run? Minimal output and just scan, or also the LOP and Purity check? I'm hoping this isn't the scan that messed up Windows Defender. Right now, since I did a week-old restore point restore and re-updated the security programs (Ad-Aware, Spybot S&D, SpywareBlaster, Malwarebytes, NIS 2012, etc.) and ran scans with them, all came up clean. Also, the computer is running pretty good right now.
  8. OK, I got Windows Defender working again, but had to do a system restore back about a week ago on a Windows update I did. It only messed up when we commenced doing these scans, so one of those scans did whatever it did to foul up WD. All those malware scans are coming up clean so far; thinking it all goes back to that HJT scan with whatever the file missing lines were all about.
  9. i already run malwarebytes pro paid version and run it as requested. malwarebytes scan came up clean.

     Farbar Service Scanner Version: 01-03-2012
     Ran by Lan-Ed-Tul (administrator) on 11-04-2012 at 01:05:10
     Running from "C:\Users\Lan-Ed-Tul\Desktop"
     Microsoft Windows 7 Home Premium Service Pack 1 (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Yahoo IP is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall"=DWORD:0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall"=DWORD:0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
     "EnableFirewall"=DWORD:0

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Action Center:
     ============

     Windows Update:
     ============

     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     The start type of WinDefend service is OK.
     The ImagePath of WinDefend service is OK.
     The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => MD5 is legit
     C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\System32\dhcpcore.dll => MD5 is legit
     C:\Windows\System32\drivers\afd.sys => MD5 is legit
     C:\Windows\System32\drivers\tdx.sys => MD5 is legit
     C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
     C:\Windows\System32\dnsrslvr.dll => MD5 is legit
     C:\Windows\System32\mpssvc.dll => MD5 is legit
     C:\Windows\System32\bfe.dll => MD5 is legit
     C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\System32\SDRSVC.dll => MD5 is legit
     C:\Windows\System32\vssvc.exe => MD5 is legit
     C:\Windows\System32\wscsvc.dll => MD5 is legit
     C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\System32\wuaueng.dll => MD5 is legit
     C:\Windows\System32\qmgr.dll => MD5 is legit
     C:\Windows\System32\es.dll => MD5 is legit
     C:\Windows\System32\cryptsvc.dll => MD5 is legit
     C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\rpcss.dll => MD5 is legit

     **** End of log ****

     Malwarebytes Anti-Malware (PRO) 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.04.10.10

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Lan-Ed-Tul :: NCC1701CPTKIRK [administrator]

     Protection: Enabled

     4/11/2012 1:03:23 AM
     mbam-log-2012-04-11 (01-03-23).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 218995
     Time elapsed: 7 minute(s), 53 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     i run the eset scan, came up clean with no option to print a list out, since it found nothing
  10. OTL logfile created on: 4/10/2012 4:30:27 PM - Run 2 OTL by OldTimer - Version 3.2.39.2
000,000,044 | ---- | M] () -- C:WindowsSysWow64rp_rules.dat [2012/04/10 04:04:04 | 000,001,109 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012/04/10 03:43:44 | 011,796,480 | -HS- | M] () -- C:UsersLan-Ed-Tulntuser.bak [2012/04/09 04:31:37 | 000,000,623 | ---- | M] () -- C:UsersPublicDesktopWorld of Warcraft.lnk [2012/04/09 04:25:26 | 000,000,616 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk [2012/04/08 00:08:09 | 000,441,327 | R--- | M] () -- C:WindowsSysNativedriversetchosts [2012/04/07 17:37:23 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts.20120408-000809.backup [2012/04/07 17:18:04 | 004,452,637 | R--- | M] (Swearware) -- C:UsersLan-Ed-TulDesktopComboFix.exe [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:WindowsSysNativedriversmbam.sys [2012/04/03 22:21:56 | 000,756,614 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI [2012/04/03 22:21:56 | 000,645,144 | ---- | M] () -- C:WindowsSysNativeperfh009.dat [2012/04/03 22:21:56 | 000,114,582 | ---- | M] () -- C:WindowsSysNativeperfc009.dat [2012/04/03 19:43:19 | 006,384,787 | ---- | M] () -- C:UsersLan-Ed-TulAppDataLocalcensus.cache [2012/04/03 19:38:55 | 000,126,277 | ---- | M] () -- C:UsersLan-Ed-TulAppDataLocalars.cache [2012/04/01 16:35:00 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe [2012/04/01 16:35:00 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl [2012/03/28 19:09:34 | 000,001,783 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk [2012/03/27 04:55:53 | 000,001,258 | ---- | M] () -- C:UsersLan-Ed-TulDesktopSpybot - Search & Destroy.lnk [2012/03/27 04:51:31 | 000,002,501 | ---- | M] () -- C:UsersPublicDesktopNorton Internet Security.lnk [2012/03/27 04:51:02 | 001,557,464 | ---- | M] () -- C:WindowsSysNativedriversNISx641306020.00ACat.DB [2012/03/27 04:50:49 | 000,008,727 | ---- | M] () -- 
C:WindowsSysNativedriversNISx641306020.00AVT20120301.009 [2012/03/23 01:09:06 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:WindowsSysNativedriversSYMEVENT64x86.SYS [2012/03/23 01:09:06 | 000,007,488 | ---- | M] () -- C:WindowsSysNativedriversSYMEVENT64x86.CAT [2012/03/23 01:09:06 | 000,000,854 | ---- | M] () -- C:WindowsSysNativedriversSYMEVENT64x86.INF [2012/03/19 23:26:35 | 000,000,172 | ---- | M] () -- C:WindowsSysNativedriversNISx641306020.00Aisolate.ini [2012/03/16 02:21:58 | 000,853,690 | R--- | M] () -- C:WindowsSysNativedriversetchosts.20120327-045856.backup [2012/03/15 02:19:46 | 000,398,112 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT [2012/03/12 04:44:34 | 000,001,246 | ---- | M] () -- C:UsersLan-Ed-TulDesktopAuslogics Disk Defrag.lnk [2012/03/12 04:43:04 | 000,001,281 | ---- | M] () -- C:UsersLan-Ed-TulDesktopAuslogics Registry Cleaner.lnk [2012/03/12 04:28:52 | 000,003,380 | ---- | M] () -- C:UsersLan-Ed-TulDocumentscc_20120312_042846.reg [2012/03/12 04:25:30 | 000,853,690 | ---- | M] () -- C:WindowsSysNativedriversetchosts.20120316-022158.backup ========== Files Created - No Company Name ========== [2012/04/10 16:28:32 | 000,000,000 | -HS- | C] () -- C:DkHyperbootSync [2012/04/07 17:22:39 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe [2012/04/07 17:22:39 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe [2012/04/07 17:22:39 | 000,098,816 | ---- | C] () -- C:Windowssed.exe [2012/04/07 17:22:39 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe [2012/04/07 17:22:39 | 000,068,096 | ---- | C] () -- C:Windowszip.exe [2012/04/01 16:35:07 | 000,000,830 | ---- | C] () -- C:WindowstasksAdobe Flash Player Updater.job [2012/03/28 19:09:34 | 000,001,783 | ---- | C] () -- C:UsersPublicDesktopiTunes.lnk [2012/03/27 04:55:53 | 000,001,258 | ---- | C] () -- C:UsersLan-Ed-TulDesktopSpybot - Search & Destroy.lnk [2012/03/12 04:44:34 | 000,001,246 | ---- | C] () -- C:UsersLan-Ed-TulDesktopAuslogics Disk Defrag.lnk [2012/03/12 04:43:03 | 000,001,281 | ---- 
the prg ran, had a few momentary not respondings throughout but continued to run to end nonetheless. i just checked the windows defender prg, and now the module can't be found, and service will NOT start. i believe that was the cyberdefender thing that kept showing up on log reports. so what do i do about windows defender no longer working after these scan/fixes?
  11. trying to let prg run, but it keeps on going not responding on me. keeps hanging on the lsdelete lines. those are part of the adaware prg. it's also while trying to run the fix, my icons for adaware, malwarebytes and others in my systray are disappearing, while prg stays locked up in not responding. all very similar to when i tried to run combofix it kept hanging up. i do a manual reboot and everything's back as it should be.
  12. OTL logfile created on: 4/8/2012 12:10:02 PM - Run 1
      OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lan-Ed-Tul\Desktop
      64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.7601.17514)
      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
      6.00 Gb Total Physical Memory | 3.69 Gb Available Physical Memory | 61.47% Memory free
      11.99 Gb Paging File | 9.72 Gb Available in Paging File | 81.06% Paging File free
      Paging file location(s): ?:\pagefile.sys
      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
      Drive C: | 580.63 Gb Total Space | 441.04 Gb Free Space | 75.96% Space Free | Partition Type: NTFS
      Drive D: | 15.54 Gb Total Space | 13.18 Gb Free Space | 84.83% Space Free | Partition Type: NTFS
      Drive E: | 931.51 Gb Total Space | 804.76 Gb Free Space | 86.39% Space Free | Partition Type: NTFS
      Computer Name: NCC1701CPTKIRK | User Name: Lan-Ed-Tul | Logged in as Administrator.
(Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab (SysInfo Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam) O16 - DPF: ppctlcab http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab (Reg Error: Key error.) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.1 68.94.156.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{CDAFA582-DA8D-4806-9B51-EA9BD5E01368}: DhcpNameServer = 192.168.0.1 68.94.156.1 O18:64bit: - ProtocolHandlergopher - No CLSID value found O18:64bit: - ProtocolHandlerwlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:WindowsSysNativeSystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - 
(/pagefile) - File not found O20 - WinlogonNotify!SASWinLogon: DllName - (C:Program Files (x86)SUPERAntiSpywareSASWINLO.DLL) - C:Program Files (x86)SUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: C:UsersLan-Ed-TulAppDataRoamingMicrosoftWindows Photo GalleryWindows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:UsersLan-Ed-TulAppDataRoamingMicrosoftWindows Photo GalleryWindows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:Program Files (x86)SUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: 
(autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O34 - HKLM BootExecute: (autocheck lsdelete) O35:64bit: - HKLM..comfile [open] -- "%1" %* O35:64bit: - HKLM..exefile [open] -- "%1" %* O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/08 12:07:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:UsersLan-Ed-TulDesktopOTL.exe [2012/04/07 20:53:34 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN 
[2012/04/07 17:22:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe [2012/04/07 17:22:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe [2012/04/07 17:22:39 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe [2012/04/07 17:22:30 | 000,000,000 | ---D | C] -- C:WindowsERDNT [2012/04/07 17:22:29 | 000,000,000 | ---D | C] -- C:ComboFix [2012/04/07 17:19:19 | 000,000,000 | ---D | C] -- C:Qoobox [2012/04/07 17:17:39 | 004,452,637 | R--- | C] (Swearware) -- C:UsersLan-Ed-TulDesktopComboFix.exe [2012/04/03 17:27:41 | 000,607,260 | R--- | C] (Swearware) -- C:UsersLan-Ed-TulDesktopdds.scr [2012/04/03 17:19:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:UsersLan-Ed-TulDesktopHijackThis.exe [2012/04/01 16:35:00 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe [2012/03/30 16:48:51 | 000,000,000 | ---D | C] -- C:UsersLan-Ed-TulAppDataRoamingdvdcss [2012/03/28 19:09:33 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes [2012/03/28 19:08:48 | 000,000,000 | ---D | C] -- C:Program FilesiPod [2012/03/28 19:08:46 | 000,000,000 | ---D | C] -- C:Program FilesiTunes [2012/03/28 19:08:46 | 000,000,000 | ---D | C] -- C:Program Files (x86)iTunes [2012/03/27 22:33:54 | 000,000,000 | ---D | C] -- C:ProgramDataiolo [2012/03/27 04:55:51 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy [2012/03/27 04:55:48 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spybot - Search & Destroy [2012/03/15 02:25:19 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeDWrite.dll [2012/03/15 02:15:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpcorekmts.dll [2012/03/15 02:15:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpwsx.dll [2012/03/15 02:15:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdrmemptylst.exe [2012/03/15 02:08:09 | 001,031,680 
| ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpcore.dll [2012/03/15 02:08:09 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64rdpcore.dll [17 C:WindowsSysNative*.tmp files -> C:WindowsSysNative*.tmp -> ] [1 C:Windows*.tmp files -> C:Windows*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/08 12:26:01 | 000,000,334 | ---- | M] () -- C:WindowstasksHP Photo Creations Communicator.job [2012/04/08 12:07:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:UsersLan-Ed-TulDesktopOTL.exe [2012/04/08 12:04:02 | 000,000,830 | ---- | M] () -- C:WindowstasksAdobe Flash Player Updater.job [2012/04/08 09:38:34 | 000,000,064 | ---- | M] () -- C:WindowsSysWow64rp_stats.dat [2012/04/08 09:38:34 | 000,000,044 | ---- | M] () -- C:WindowsSysWow64rp_rules.dat [2012/04/08 00:20:39 | 000,009,728 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/08 00:20:39 | 000,009,728 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/08 00:12:37 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat [2012/04/08 00:12:35 | 535,437,311 | -HS- | M] () -- C:hiberfil.sys [2012/04/08 00:08:09 | 000,441,327 | R--- | M] () -- C:WindowsSysNativedriversetchosts [2012/04/07 17:37:23 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts.20120408-000809.backup [2012/04/07 17:18:04 | 004,452,637 | R--- | M] (Swearware) -- C:UsersLan-Ed-TulDesktopComboFix.exe [2012/04/03 22:21:56 | 000,756,614 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI [2012/04/03 22:21:56 | 000,645,144 | ---- | M] () -- C:WindowsSysNativeperfh009.dat [2012/04/03 22:21:56 | 000,114,582 | ---- | M] () -- C:WindowsSysNativeperfc009.dat [2012/04/03 19:43:19 | 006,384,787 | ---- | M] () -- C:UsersLan-Ed-TulAppDataLocalcensus.cache [2012/04/03 19:38:55 | 000,126,277 | ---- | M] () -- C:UsersLan-Ed-TulAppDataLocalars.cache 
[2012/04/03 17:27:49 | 000,607,260 | R--- | M] (Swearware) -- C:UsersLan-Ed-TulDesktopdds.scr [2012/04/03 17:19:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:UsersLan-Ed-TulDesktopHijackThis.exe [2012/04/01 16:35:00 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe [2012/04/01 16:35:00 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl [2012/03/28 19:09:34 | 000,001,783 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk [2012/03/27 05:04:16 | 000,000,616 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk [2012/03/27 04:55:53 | 000,001,258 | ---- | M] () -- C:UsersLan-Ed-TulDesktopSpybot - Search & Destroy.lnk [2012/03/27 04:51:31 | 000,002,501 | ---- | M] () -- C:UsersPublicDesktopNorton Internet Security.lnk [2012/03/27 04:51:02 | 001,557,464 | ---- | M] () -- C:WindowsSysNativedriversNISx641306020.00ACat.DB [2012/03/27 04:50:49 | 000,008,727 | ---- | M] () -- C:WindowsSysNativedriversNISx641306020.00AVT20120301.009 [2012/03/23 01:09:06 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:WindowsSysNativedriversSYMEVENT64x86.SYS [2012/03/23 01:09:06 | 000,007,488 | ---- | M] () -- C:WindowsSysNativedriversSYMEVENT64x86.CAT [2012/03/23 01:09:06 | 000,000,854 | ---- | M] () -- C:WindowsSysNativedriversSYMEVENT64x86.INF [2012/03/19 23:26:35 | 000,000,172 | ---- | M] () -- C:WindowsSysNativedriversNISx641306020.00Aisolate.ini [2012/03/16 02:21:58 | 000,853,690 | R--- | M] () -- C:WindowsSysNativedriversetchosts.20120327-045856.backup [2012/03/15 02:19:46 | 000,398,112 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT [2012/03/12 04:44:34 | 000,001,246 | ---- | M] () -- C:UsersLan-Ed-TulDesktopAuslogics Disk Defrag.lnk [2012/03/12 04:43:04 | 000,001,281 | ---- | M] () -- C:UsersLan-Ed-TulDesktopAuslogics Registry Cleaner.lnk [2012/03/12 04:28:52 | 000,003,380 | ---- | M] () -- C:UsersLan-Ed-TulDocumentscc_20120312_042846.reg [2012/03/12 04:25:30 | 000,853,690 | ---- | M] () 
-- C:WindowsSysNativedriversetchosts.20120316-022158.backup [17 C:WindowsSysNative*.tmp files -> C:WindowsSysNative*.tmp -> ] [1 C:Windows*.tmp files -> C:Windows*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/07 17:22:39 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe [2012/04/07 17:22:39 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe [2012/04/07 17:22:39 | 000,098,816 | ---- | C] () -- C:Windowssed.exe [2012/04/07 17:22:39 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe [2012/04/07 17:22:39 | 000,068,096 | ---- | C] () -- C:Windowszip.exe [2012/04/01 16:35:07 | 000,000,830 | ---- | C] () -- C:WindowstasksAdobe Flash Player Updater.job [2012/03/28 19:09:34 | 000,001,783 | ---- | C] () -- C:UsersPublicDesktopiTunes.lnk [2012/03/27 04:55:53 | 000,001,258 | ---- | C] () -- C:UsersLan-Ed-TulDesktopSpybot - Search & Destroy.lnk [2012/03/12 04:44:34 | 000,001,246 | ---- | C] () -- C:UsersLan-Ed-TulDesktopAuslogics Disk Defrag.lnk [2012/03/12 04:43:03 | 000,001,281 | ---- | C] () -- C:UsersLan-Ed-TulDesktopAuslogics Registry Cleaner.lnk [2012/03/12 04:28:51 | 000,003,380 | ---- | C] () -- C:UsersLan-Ed-TulDocumentscc_20120312_042846.reg [2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:WindowsSysWow64nvStreaming.exe [2011/08/14 05:33:21 | 006,384,787 | ---- | C] () -- C:UsersLan-Ed-TulAppDataLocalcensus.cache [2011/08/14 05:27:23 | 000,126,277 | ---- | C] () -- C:UsersLan-Ed-TulAppDataLocalars.cache [2011/05/12 17:22:08 | 000,207,062 | ---- | C] () -- C:Windowshpoins46.dat [2011/03/25 16:19:53 | 000,000,193 | ---- | C] () -- C:WindowsWORDPAD.INI [2011/03/18 23:53:31 | 000,000,036 | ---- | C] () -- C:UsersLan-Ed-TulAppDataLocalhousecall.guid.cache [2011/03/11 02:46:53 | 000,000,193 | ---- | C] () -- C:ProgramDataMicrosoft.SqlServer.Compact.351.64.bc [2010/09/29 06:37:56 | 000,000,098 | ---- | C] () -- C:UsersLan-Ed-TulAppDataLocalfusioncache.dat [2010/09/29 06:05:24 | 000,000,258 | RHS- | C] () -- C:ProgramDatantuser.pol [2010/09/29 
05:33:53 | 000,743,126 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI ========== LOP Check ========== [2010/09/29 05:42:01 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingAcreon [2010/09/29 05:42:05 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingAcronis [2011/08/31 07:07:46 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingAnvSoft [2010/09/29 05:42:06 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingAscentive [2010/09/29 05:42:07 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingAuslogics [2011/03/08 12:04:25 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingAvery [2010/09/29 05:42:07 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingBlitware [2011/12/07 12:47:56 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingConverterLite [2012/01/20 19:52:16 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingCyberDefender [2010/09/29 05:42:07 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingDriverCure [2011/08/01 20:33:35 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingElectronic Arts [2011/10/30 06:03:47 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingFreshDiagnose [2010/09/29 05:42:07 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingGrisoft [2010/09/29 05:42:07 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingLeadertech [2011/12/07 12:35:39 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingMP3Rocket [2011/04/20 18:20:08 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingNCH Swift Sound [2008/09/27 01:24:38 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingPeerNetworking [2012/01/28 18:29:44 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingpicpick [2010/04/18 05:16:11 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingSanDisk [2009/10/05 10:08:33 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingSecunia CSI [2010/09/29 05:42:11 | 000,000,000 | ---D | M] -- 
C:UsersLan-Ed-TulAppDataRoamingTific [2010/09/29 05:42:11 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingTomTom [2011/09/08 04:02:04 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingUnity [2011/12/24 00:26:02 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingVisan [2011/09/04 22:31:19 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingWindows Live Writer [2010/09/29 05:42:11 | 000,000,000 | ---D | M] -- C:UsersLan-Ed-TulAppDataRoamingWinPatrol [2011/08/21 01:03:05 | 000,032,630 | ---- | M] () -- C:WindowsTasksSCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:ProgramDataTEMP:5C321E34 < End of report > OTL Extras logfile created on: 4/8/2012 12:10:02 PM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:UsersLan-Ed-TulDesktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 3.69 Gb Available Physical Memory | 61.47% Memory free 11.99 Gb Paging File | 9.72 Gb Available in Paging File | 81.06% Paging File free Paging file location(s): ?:pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86) Drive C: | 580.63 Gb Total Space | 441.04 Gb Free Space | 75.96% Space Free | Partition Type: NTFS Drive D: | 15.54 Gb Total Space | 13.18 Gb Free Space | 84.83% Space Free | Partition Type: NTFS Drive E: | 931.51 Gb Total Space | 804.76 Gb Free Space | 86.39% Space Free | Partition Type: NTFS Computer Name: NCC1701CPTKIRK | User Name: Lan-Ed-Tul | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>] .cpl[@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:WindowsSysNativerundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>] .cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%SysWow64control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%system32mshtml.dll,PrintHTML "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:Windowssystem32rundll32.exe" "C:Windowssystem32ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%SysWow64rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%SysWow64control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%SysWow64rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring] 64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall] 64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile] 64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile] [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall] [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile] [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall] "{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol "{0D9D38E1-B123-4CC6-A575-0C5CE8667CD4}" = Macrium Reflect - Free Edition "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java 6 Update 31 (64-bit) "{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3 "{88BA7C21-7287-4EE9-855A-7FF1B311CAA0}"
  13. well i run it, and it rebooted per the prg making it do so, but it sorta froze up and never produced the logfile.